# CCNA 200-301 Official Cert Guide Library

![rw-book-cover](https://m.media-amazon.com/images/I/51axSyFEFrL._SY160.jpg)

## Metadata
- Author: [[Odom Wendell]]
- Full Title: CCNA 200-301 Official Cert Guide Library
- Category: #books

## Highlights
- You must first master the conceptual exam topic verbs. The progression runs something like this: Describe, Identify, Explain, Compare/Contrast, Configure, Verify, Troubleshoot ([Location 827](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=827))
    - Tags: [[orange]]
- The following appendices hold this edition’s content from previous editions: ([Location 1127](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=1127))
    - Tags: [[orange]]
- dotted-decimal notation (DDN). ([Location 1773](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=1773))
- segment for the transport layer, packet for the network layer, and frame for the link layer. ([Location 1882](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=1882))
- As a rule, Ethernet NIC transmitters use the pair connected to pins 1 and 2; the NIC receivers use a pair of wires at pin positions 3 and 6. LAN switches, knowing those facts about what Ethernet NICs do, do the opposite: Their receivers use the wire pair at pins 1 and 2, and their transmitters use the wire pair at pins 3 and 6. To allow a PC NIC to communicate with a switch, the UTP cable must also use a straight-through cable pinout. ([Location 2286](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=2286))
- Crossover cable: If the endpoints transmit on the same pin pair
  Straight-through cable: If the endpoints transmit on different pin pairs ([Location 2327](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=2327))
    - Note: Pc router ap vs switch hub (same group needs crossover)
- If you have some experience with installing LANs, you might be thinking that you have used the wrong cable before (straight-through or crossover), but the cable worked. Cisco switches have a feature called auto-mdix that notices when the wrong cable is used and automatically changes its logic to make the link work. However, for the exams, be ready to identify whether the correct cable is shown in the figures. ([Location 2347](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=2347))

## New highlights added September 19, 2023 at 10:10 PM
- ARP dynamically learns the data-link address of an IP host connected to a LAN. For example, at the last step, at the bottom of Figure 3-11, Router R3 would use ARP once to learn PC2’s MAC address before sending any packets to PC2. ([Location 3108](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=3108))
- Two IP addresses, not separated from each other by a router, must be in the same group (subnet). Two IP addresses, separated from each other by at least one router, must be in different groups (subnets). ([Location 3135](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=3135))

## New highlights added September 24, 2023 at 9:24 PM
- Note that the last three parameters are referred to collectively as 8N1:
  9600 bits/second
  No hardware flow control
  8-bit ASCII
  No parity bits
  1 stop bit ([Location 3520](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=3520))
- However, not one of the commands in user or privileged mode changes the switch’s configuration. Configuration mode accepts configuration commands— ([Location 3689](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=3689))
- Figure 4-9 Cisco Switch Memory Types ([Location 3781](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=3781))
- Switches build the address table by listening to incoming frames and examining the source MAC address in the frame. ([Location 4105](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=4105))
- The idea is simple: if you do not know where to send it, send it everywhere, to deliver the frame. ([Location 4133](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=4133))
- Switches also flood LAN broadcast frames (frames destined to the Ethernet broadcast address of FFFF.FFFF.FFFF) ([Location 4135](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=4135))
- STP causes each interface on a switch to settle into either a blocking state or a forwarding state. Blocking means that the interface cannot forward or receive data frames, while forwarding means that the interface can send and receive data frames. If a correct subset of the interfaces is blocked, only a single currently active logical path exists between each pair of LANs. ([Location 4161](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=4161))
- switched virtual interface (SVI), or more commonly, a VLAN interface, that acts like the switch’s own NIC. ([Location 4861](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=4861))
- IEEE autonegotiation (IEEE standard 802.3u) ([Location 5409](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=5409))
- For example, in Figure 7-4, imagine that SW2’s Gi0/2 interface was configured with the speed 100 and duplex full commands (these settings are not recommended on a Gigabit-capable interface, by the way). On Cisco switches, configuring both the speed and duplex commands disables IEEE autonegotiation on that port. If SW1’s Gi0/1 interface tries to use autonegotiation, SW1 would also use a speed of 100 Mbps, but default to use half duplex. Example 7-8 shows the results of this specific case on SW1. ([Location 5600](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=5600))
- The most common incorrect configuration—which results in both switches not trunking—is a configuration that uses the switchport mode dynamic auto command on both switches on the link. ([Location 6590](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=6590))
- trunking-related facts are show interfaces trunk and show interfaces switchport. Just be aware that the switches do not prevent you from making these configuration mistakes. ([Location 6619](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=6619))

## New highlights added September 29, 2023 at 8:42 PM
- Spanning Tree Protocol (STP) allows Ethernet LANs to have the added benefits of installing redundant links in a LAN, while overcoming the known problems that occur when adding those extra links. ([Location 6767](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=6767))
- Switches need a tiebreaker to use in case the best root cost ties for two or more paths. If a tie occurs, the switch applies these three tiebreakers to the paths that tie, in order, as follows: ([Location 7105](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7105))
- Network engineers often want to change the STP/RSTP settings to then change the choices STP/RSTP makes in a given LAN. Two main tools available to the engineer are to configure the bridge ID and to change STP/RSTP port costs. First, to change the BID, the engineer can set the priority used by the switch, while continuing to use the universal MAC address as the final 48 bits of the BID. For instance, giving a switch the lowest priority value among all switches will cause that switch to win the root election. Port costs also have default values, per port, per VLAN. You can configure these port costs, which will in turn impact many switch’s calculations of the root cost. For instance, to favor one link, give the ports on that link a lower cost, or to avoid a link, give the ports a higher cost. ([Location 7144](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7144))

## New highlights added October 4, 2023 at 11:45 PM
- A switch’s RP is its interface through which it has the least STP/RSTP cost to reach the root switch (least root cost). ([Location 7062](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7062))
- STP uses the idea of roles and states. Roles, like root port and designated port, relate to how STP analyzes the LAN topology. States, like forwarding and blocking, tell a switch whether to send or receive frames. When STP converges, a switch chooses new port roles, and the port roles determine the state (forwarding or blocking). ([Location 7235](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7235))
- STP moves an interface from blocking to listening, then to learning, and then to forwarding state. ([Location 7248](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7248))
- STP takes a relatively long time to converge (50 seconds with the default settings when all the wait times must be followed). RSTP improves network convergence when topology changes occur, usually converging within a few seconds (or in slow conditions, in about 10 seconds). ([Location 7300](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7300))
- To be an alternate port, both the RP and the alternate port must receive Hellos that identify the same root switch. ([Location 7333](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7333))
- RSTP, to converge more quickly, avoids relying on timers. RSTP switches tell each other (using messages) that the topology has changed. Those messages also direct neighboring switches to flush the contents of their MAC tables in a way that removes all the potentially loop-causing entries, without a wait. As a result, RSTP creates more scenarios in which a formerly discarding port can immediately transition to a forwarding state, without waiting, and without using the learning state, as shown in the example ([Location 7395](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7395))
- The current CCNA exam blueprint includes a topic for the configuration of both Layer 2 EtherChannels (as described here) as well as Layer 3 EtherChannels. Chapter 10, “RSTP and EtherChannel Configuration,” shows how to configure Layer 2 EtherChannels, while Chapter 17, “IP Routing in the LAN,” shows how to configure Layer 3 EtherChannels. Note that Layer 2 EtherChannels combine links that switches use as switch ports, with the switches using Layer 2 switching logic to forward and receive Ethernet frames over the EtherChannels. Layer 3 EtherChannels also combine links, but the switches use Layer 3 routing logic to forward packets over the EtherChannels. ([Location 7449](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7449))
- the only ports on which you can safely enable PortFast are ports on which you know that no bridges, switches, or other STP-speaking devices are connected. ([Location 7456](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7456))
- The Cisco BPDU Guard feature helps defeat these kinds of problems by disabling a port if any BPDUs are received on the port. So, this feature is particularly useful on ports that should be used only as an access port and never connected to another switch. ([Location 7473](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7473))

## New highlights added October 8, 2023 at 10:36 AM
- Without EtherChannel, with parallel links between two switches, STP/RSTP would block all links except one, but with EtherChannel, the switch can use all the links, load balancing the traffic over the links. ([Location 7824](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7824))

## New highlights added October 11, 2023 at 7:09 AM
- RSTP adds features beyond STP that enable ports to be used for a role if another port on the same switch fails. Which of the following statements correctly describe a port role that is waiting to take over for another port role? (Choose two answers.)
  a. An alternate port waits to become a root port.
  b. A backup port waits to become a root port.
  c. An alternate port waits to become a designated port.
  d. A backup port waits to become a designated port. ([Location 6822](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=6822))
- Originally, a switch’s BID was formed by combining the switch’s 2-byte priority and its 6-byte MAC address. The revised rules divide the original priority field into two separate fields, as shown in Figure 10-4: a 4-bit priority field and a 12-bit subfield called the system ID extension (which represents the VLAN ID). ([Location 7695](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7695))
- EtherChannel may be one of the most challenging switch features to make work. First, the configuration has several options, so you have to remember the details of which options work together. Second, the switches also require a variety of other interface settings to match among all the links in the channel, so you have to know those settings as well. ([Location 7829](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7829))
- negotiations.” As shown in Figure 10-7, the desirable and auto keywords enable PAgP, and the active and passive keywords enable LACP. ([Location 7899](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7899))
- The list of items the switch checks includes the following:
  Speed
  Duplex
  Operational access or trunking state (all must be access, or all must be trunks)
  If an access port, the access VLAN
  If a trunk port, the allowed VLAN list (per the switchport trunk allowed command)
  If a trunk port, the native VLAN
  STP interface settings
  In addition, switches check the settings on the neighboring switch. To do so, the switches either use PAgP or LACP (if already in use) or use Cisco Discovery Protocol (CDP) if using manual configuration. When checking neighbors, all settings except the STP settings must match. ([Location 7937](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=7937))

## New highlights added October 16, 2023 at 7:40 AM
- 10.0.0.0 1 B 172.16.0.0 through 172.31.0.0 16 C 192.168.0.0 through 192.168.255.0 ([Location 8582](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=8582))
- Class B network numbers range from 128.0.0.0 to 191.255.0.0, ([Location 9064](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=9064))
- Finding the Subnet Broadcast Address: Difficult Masks
  To find a subnet’s broadcast address, a similar process can be used. For simplicity, this process begins with the subnet ID, rather than the IP address. If you happen to start with an IP address instead, use the processes in this chapter to first find the subnet ID, and then use the following process to find the subnet broadcast address for that same subnet. For each octet:
  Step 1. If the mask octet = 255, copy the subnet ID.
  Step 2. If the mask octet = 0, write 255.
  Step 3. If the mask is neither, identify this octet as the interesting octet:
  A. Calculate the magic number as 256 – mask.
  B. Take the subnet ID’s value, add the magic number, and subtract 1 (ID + magic – 1). ([Location 10259](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=10259))
- The term collision domain comes from the far back history of Ethernet LANs. To be honest, sometimes people new to Ethernet can get a little confused about what this term really means in the context of a modern Ethernet LAN, in part because modern Ethernet LANs, done properly, can completely prevent collisions. ([Location 26687](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=26687))
- LAN switches perform the same basic core functions as bridges but at much faster speeds and with many enhanced features. Like bridges, switches segment a LAN into separate collision domains, each with its own capacity. And if the network does not have a hub, each single link in a modern LAN is considered its own collision domain, even if no collisions can actually occur in that case. ([Location 26748](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=26748))
- As strange as it sounds, each of those collision domains in a modern LAN may also never have a collision. Any link that uses full duplex—that is, both devices on the link use full duplex—does not have collisions. ([Location 26762](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=26762))
- Whenever a port that could use full duplex (therefore avoiding collisions) happens to use half duplex—by incorrect configuration, by the result of autonegotiation, or any other reason—collisions can now occur. ([Location 26774](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=26774))
- The more devices in the same broadcast domain, the more unnecessary interruptions of each device’s CPU. ([Location 26856](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=26856))
- Wireless LAN controller: Controls and manages all AP functions (for example, roaming, defining WLANs, authentication)
  Lightweight AP (LWAP): Forwards data between the wired and wireless LAN, and specifically forwarding data through the WLC using a protocol like Control And Provisioning of Wireless Access Points (CAPWAP) ([Location 27170](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=27170))
- ip subnet-zero, which allows the configuration of addresses in the zero subnet.
  no ip subnet-zero, which prevents the configuration of addresses in the zero subnet. ([Location 27438](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=27438))
- Determining the STP root switch is easy if you know all the switches’ BIDs: Just pick the lowest value. If the question lists the priority and MAC address separately, as is common in some show command output, pick the switch with the lowest priority, or in the case of a tie, pick the lower MAC address value. ([Location 29283](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=29283))

## New highlights added October 20, 2023 at 8:02 AM
- frames for which the switch does not list the destination MAC address in the MAC address table. The LAN switch floods those frames. The result? Routers sometimes receive frames destined for some other device, with some other device’s MAC address listed as the destination MAC address. Routers should ignore those frames. ([Location 11206](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=11206))
- A floating static route floats or moves into and out of the IP routing table depending on whether the better (lower) administrative distance route learned by the routing protocol happens to exist currently. ([Location 11475](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=11475))

## New highlights added October 24, 2023 at 7:36 AM
- VLAN Routing with Router 802.1Q Trunks: The first section discusses how to configure a router to use VLAN trunking as connected to a Layer 2 switch. The router does the routing, with the switch creating the VLANs. The link between the router and switch use trunking so that the router has an interface connected to each VLAN/subnet. This feature is known as routing over a VLAN trunk and also known as router-on-a-stick (ROAS).
  VLAN Routing with Layer 3 Switch SVIs: The second section discusses using a LAN switch that supports both Layer 2 switching and Layer 3 routing (called a Layer 3 switch or multilayer switch). To route, the Layer 3 switch configuration uses interfaces called switched virtual interfaces (SVI), which are also called VLAN interfaces. ([Location 11775](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=11775))
- VLAN Routing with Layer 3 Switch Routed Ports: The third major section of the chapter discusses an alternative to SVIs called routed ports, in which the physical switch ports are made to act like interfaces on a router. This third section also introduces the concept of an EtherChannel as used as a routed port in a feature called Layer 3 EtherChannel. ([Location 11780](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=11780))
- fact, the subinterface number does not even have to match the associated VLAN ID. (The encapsulation command, and not the subinterface number, defines the VLAN ID associated with the subinterface.) ([Location 11924](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=11924))
- Configure the ip address command on the physical interface, but without an encapsulation command; the router considers this physical interface to be using the native VLAN.
  Configure the ip address command on a subinterface and use the encapsulation dot1q vlan-id native subcommand to tell the router both the VLAN ID and the fact that it is the native VLAN. ([Location 11940](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=11940))
- each non-native VLAN configured on the router with an encapsulation dot1q vlan-id command on a subinterface?
  Do those same VLANs exist on the trunk on the neighboring switch (show interfaces trunk), and are they in the allowed list, not VTP pruned, and not STP blocked?
  Does each router ROAS subinterface have an IP address/mask configured per the planned configuration?
  If using the native VLAN, is it configured correctly on the router either on a subinterface (with an encapsulation dot1q vlan-id native command) or implied on the physical interface?
  Is the same native VLAN configured on the neighboring switch’s trunk in comparison to the native VLAN configured on the router?
  Are the router physical or ROAS subinterfaces configured with a shutdown command? ([Location 12025](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=12025))
- (SVIs forward traffic internally into the VLAN, so that then the Layer 2 logic can forward the frame out any of the ports in the VLAN. Routed ports cannot.) ([Location 12222](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=12222))

## New highlights added October 25, 2023 at 7:13 AM
- As a protocol, ICMP does not rely on TCP or UDP, and it does not use any application layer protocol. It functions as part of Layer 3, as a control protocol to assist IP by helping manage the IP network functions. ([Location 12536](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=12536))

## New highlights added November 1, 2023 at 8:01 AM
- both OSPF and EIGRP must be used. Then that router can take routes learned by OSPF and advertise them into EIGRP, and vice versa, through a process called route redistribution. ([Location 13276](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=13276))
- The lower the number, the better, or more believable, the routing protocol. For example, RIP has a default administrative distance of 120, OSPF uses a default of 110, and EIGRP defaults to 90. ([Location 13284](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=13284))
- When using OSPF and EIGRP, the router will believe the EIGRP route instead of the OSPF route ([Location 13286](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=13286))
- So, you can actually create a static route that is only used when the routing protocol does not find a route, just by giving the static route a higher administrative distance. ([Location 13307](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=13307))

## New highlights added November 1, 2023 at 8:01 PM
- result of enabling OSPF on an interface but then making it passive is that OSPF still advertises about the connected subnet, but OSPF also does not form neighbor relationships over the interface. ([Location 14291](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=14291))
- Set the cost explicitly, using the ip ospf cost x interface subcommand, to a value between 1 and 65,535, inclusive.
  Although it should be avoided, change the interface bandwidth with the bandwidth speed command, with speed being a number in kilobits per second (Kbps).
  Change the reference bandwidth, using router OSPF subcommand auto-cost reference-bandwidth ref-bw, with a unit of megabits per second (Mbps). ([Location 14484](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=14484))

## New highlights added November 7, 2023 at 8:01 AM
- switch port providing a wired connection to an AP must be configured to support either access or trunk mode. In trunk mode, 802.1Q encapsulation tags each frame according to the VLAN number it came from. The wireless side of an AP inherently trunks 802.11 frames by marking them with the BSSID of the WLAN where they belong. ([Location 19076](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=19076))
- interfaces. Cisco wireless controllers differ a bit; ports and interfaces refer to different concepts. Controller ports are physical connections made to an external wired or switched network, whereas interfaces are logical connections made internally within the controller. ([Location 19128](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=19128))
- Note Traditionally, many people have assigned IP address 1.1.1.1 to the virtual interface. Although it is a unique address, it is routable and already in use elsewhere on the Internet. A better practice is to use an IP address from the RFC 1918 private address space that is unused or reserved, such as 192.168.1.1. You could also use a reserved address from RFC 5737 (192.0.2.0/24) that is set aside for documentation purposes and is never used. ([Location 19210](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=19210))
- The virtual interface address is also used to support client mobility. For that reason, every controller that exists in the same mobility group should be configured with a virtual address that is identical to the others. By using one common virtual address, all the controllers will appear to operate as a cluster as clients roam from controller to controller. ([Location 19214](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=19214))
- Two of the CCNA exam objectives involve configuring a WLAN for client connectivity with WPA2 and a PSK using only the controller GUI. As you work through this section, you will find that it presents a complete WLAN example that is based on the topology shown in Figure 29-7 using the WPA2-Personal (PSK) security model. ([Location 19226](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=19226))
- Cisco controllers support a maximum of 512 WLANs, but only 16 of them can be actively configured on an AP. ([Location 19244](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=19244))
- As a rule of thumb, always limit the number of WLANs to five or fewer; a maximum of three WLANs is best. ([Location 19251](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=19251))
- Be aware that, by default, a controller will not allow management traffic that is initiated from a WLAN. ([Location 19429](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=19429))

## New highlights added November 8, 2023 at 8:01 AM
- Authentication: Who is the user?
  Authorization: What is the user allowed to do?
  Accounting: What did the user do? ([Location 34236](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=34236))

## New highlights added November 11, 2023 at 12:07 PM
- The core feature of DHCP Snooping defeats this type of attack on untrusted ports. It checks the Ethernet header source MAC address and compares that address to the MAC address in the DHCP header, and if the values do not match, DHCP Snooping discards the message. ([Location 36113](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=36113))

## New highlights added November 12, 2023 at 4:28 PM
- For other users (that is, Telnet and SSH users), the device requires a two-step process before the user sees the messages. First, IOS has another global configuration setting—logging monitor—that tells IOS to enable the sending of log messages to all logged users. However, that default configuration is not enough to allow the user to see the log messages. The user must also issue the terminal monitor EXEC command during the login session, which tells IOS that this terminal session would like to receive log messages. ([Location 36748](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=36748))
- you can see, you can sit on one device and discover a lot of information about a neighboring device—a fact that actually creates a security exposure. Cisco recommends that CDP be disabled on any interface that might not have a need for CDP. For switches, any switch port connected to another switch, a router, or to an IP phone should use CDP. ([Location 37290](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=37290))
- Table 10-2 RFC 1918 Private Address Space

  | Range of IP Addresses | Network(s) | Class of Networks | Number of Networks |
  | --- | --- | --- | --- |
  | 10.0.0.0 to 10.255.255.255 | 10.0.0.0 | A | 1 |
  | 172.16.0.0 to 172.31.255.255 | 172.16.0.0 – 172.31.0.0 | B | 16 |
  | 192.168.0.0 to 192.168.255.255 | 192.168.0.0 – 192.168.255.0 | C | 256 |

  In ([Location 37692](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=37692))
- However, not every classification can be easily made by matching with an ACL. In more challenging cases, Cisco Network Based Application Recognition (NBAR) can be used. ([Location 38486](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=38486))
- NBAR provides easy built-in matching ability for WebEx, plus more than 1000 different subcategories of applications. ([Location 38494](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=38494))
- Without getting into the depth of any one plan, the plans all specify some variation for how all devices should mark data as follows:
  DSCP EF: Voice payload
  AF4x: Interactive video (for example, videoconferencing)
  AF3x: Streaming video
  AF2x: High priority (low latency) data
  CS0: Standard data ([Location 38656](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=38656))

## New highlights added November 26, 2023 at 1:35 PM
- In a SOHO wireless LAN, the wireless AP acts autonomously, rather than with a WLC, doing all the work required to create and control the WLAN. In other words, the autonomous AP communicates with the various wireless devices using 802.11 protocols and radio waves. It uses Ethernet protocols on the wired side. It converts between the differences in header formats between 802.11 and 802.3 frames before forwarding to/from 802.3 Ethernet and 802.11 wireless frames. But it does not encapsulate frames in CAPWAP, because the AP will not send the frames to a WLC. ([Location 40110](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=40110))
- Do not supply power on a PoE-capable port unless negotiation identifies that the device needs power.
  Step 2. Use Ethernet autonegotiation techniques, sending low power signals and monitoring the return signal, to determine the PoE power class, which determines how much power to supply to the device. ([Location 40153](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=40153))
- CCNA Exam Topics with CLI Skill Requirements ([Location 44165](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=44165))

## New highlights added November 28, 2023 at 2:53 AM
- SYN means “synchronize the sequence numbers,” ([Location 32306](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=32306))
- 1. ([Location 44705](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=44705))

## New highlights added November 28, 2023 at 8:41 PM
- Finally, Cisco recommends that you disable the ACLs on the interfaces before you change the statements in the list. ([Location 33697](https://readwise.io/to_kindle?action=open&asin=B084X5D1KC&location=33697))